Taking a process-led approach to your cyber technology deployments is critical to your organization’s ability to reduce risk. Too often, organizations focus on solution features and not on driving the appropriate security outcomes.

When making an investment in a cybersecurity solution, or really any IT solution for that matter, you are looking for just that – a solution to a problem. Too often we get hung up on this feature or that function. The reality is you have a business problem and are looking for a solution to solve said business problem.

Successfully deploying the solution is as critical as selecting the right solution to address your problem. Oftentimes, software solutions are deployed using a technology-led approach. A technology-led approach to deployment typically jumps right into installation (on premises) or configuration (SaaS) for the technology of choice. This is a natural approach for technologists, as it gets them to their new set of features or functions most quickly.

The Standish Group Chaos Report finds only 29% of IT project implementations are successful, and 19% are considered failures. A technology-led approach to deployment oftentimes can significantly reduce the value realized from the investment in the technology solution. Most technology investments result in the transition from a current state to a new state. Your current state can be very manual, a homegrown solution, or an off-the-shelf application you are looking to upgrade. These processes have likely been tuned and optimized to support your current technology stack.

Why process matters

All technologies are different. Even if your new solution is delivering similar capabilities to your current technology stack, there are likely differences in how they go about delivering those capabilities. Usually, there are also new capabilities you would like to deploy. These new capabilities might not even be considered in your current processes.

Cyber Exposure is an emerging discipline focused on managing and measuring your modern attack surface to accurately understand and reduce your cyber risk. The discipline of Cyber Exposure requires us to look at this critical business problem and the supporting solutions through a different lens. Cyber Exposure is fundamentally changing core security processes by providing a broader coverage of assets while providing rich information necessary to prioritize where resources should be focused. Process transformation is critical in order to fully achieve this goal.

The value of a process-led approach

A process-led approach to deployment starts with a discussion about business and security objectives and the supporting processes necessary to achieve those objectives. Tenable Professional Services is defining a point of view regarding the common cybersecurity processes our solutions enable. These processes include asset discovery, vulnerability management, and configuration management. Early in the deployment process, we have a discussion with clients about these key processes. The objective is to arrive at a process definition that achieves the client’s business and security objectives while fully utilizing the capabilities of the technology. These process points of view provide a framework for facilitating this discussion. The result is a process-led versus technology-led approach to deployment.

The best advice I can give someone deploying a new technology is to first clarify your business and security objectives. These objectives should serve as a North Star for decision making. Take the opportunity to review your processes and procedures in the context of the new solution. Seek to understand the full breadth of capabilities of your new solution. Adjust your processes to maximize these capabilities. Only then are you ready to install and / or configure the technology. This will give you the best opportunity to maximize the realized value of your investment.

Learn More:

Learn more about Tenable.io, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.

Share this post and earn Cybytes

Follow

1600 Followers

About Tenable

Tenable™, Inc. is the Cyber Exposure company. Over 24,000 organizations of all sizes around the globe rely on Tenable to manage and measure their modern attack surface to accurately understand and reduce cyber risk. As the creator of Nessus®, Tenable built its platform from the ground up to deeply understand assets, networks and vulnerabilities, extending this knowledge and expertise into Tenable.io™ to deliver the world’s first platform to provide live visibility into any asset on any computing platform. Tenable customers include over 50 percent of the Fortune 500, large government agencies and organizations across the private and public sectors. Learn more at tenable.com.

Promoted Content

Five Steps to Building a Successful Vulnerability Management Program

Is your vulnerability management program struggling?
Despite proven technology solutions and the best efforts of IT teams, unresolved vulnerabilities remain an ongoing source of friction and frustration in many organizations. Regardless of how many vulnerabilities are fixed, there will always be vulnerabilities that can’t easily be remediated – and too often, finger-pointing between IT teams and business groups can ensue.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.